Keep Your Surfing to Yourself

You can try this service free, which means you'll experience a slight delay before linking to sites, or pay for a Premium account ($14.95 for three months or $49.95 for a year) for quicker performance. The site also plans to offer Premium members selective blocking of Java applets and JavaScripts. The Anonymizer site provides free anonymous e-mail (see the accompanying feature "Protect Your E-mail") and an anonymous ISP for $59.95 a month.

Most of the major reputable sites offer an "opt-out," or the ability to request that the site not track you with a cookie. You'll usually find this option on a site's privacy-policy page. The Center for Democracy and Technology (CDT) offers a Web site (http://opt-out.cdt.org/online/) to help you through the process at many of the top portals, profilers, and e-commerce sites, such as DoubleClick and Yahoo. But opting out takes a bit of time and effort--and may not actually work, since it's voluntary on the part of the companies.

Current versions of Microsoft Internet Explorer and Netscape Communicator have security features that keep sites from obtaining your e-mail address or accessing your files without your permission, and every browser offers you the ability to turn off cookies.

Turning off cookies is a great idea in theory that usually fails in practice. First off, some e-commerce sites require cookies to keep track of what's in your shopping cart. If you turn cookies off, most browsers will beep at you repeatedly--sometimes multiple times on a single Web page--warning you that the site is trying to send a cookie and asking you to accept or reject the file. Needless to say, this makes browsing all but impossible.

Microsoft's new Internet Explorer 5.0 (425/882-8080, http://www.microsoft.com/mac/ie/) improves on this process significantly, allowing you to block cookies without all the beeping. If you want to know what cookies you've picked up in Internet Explorer, open Preferences and select Cookies from the commands on the left under Receiving Files. The list of cookies appears on the right. You can then select any you don't want and press Delete.

Webroot's $29.95 MacWasher (800/772-9383, http://www.webroot.com/macwasher.html) is the most thorough of the bunch (see Reviews, April 2000). This shareware utility cleans your cookie file at selected times or during start-up or shutdown. MacWasher allows you to select cookies and files you don't want deleted so you can still log in to your favorite trusted site.

If you don't want to pony up the money for MacWasher, two freeware programs can help: 1.0 Technologies' No Cookie 2.0 (http://www.onepointoh.com/products/NoCookie/) and MagicCookie Monster (http://download.at/drjsoftware), from Dr. Jon's Software. No Cookie allows you to see what's in your cookie file, delete its contents, and disable the file so it can't save new cookies but won't cause your browser to keep beeping at you. The only problem with No Cookie is that it basically offers an all-or-nothing approach. You may want some of your cookies that personalize certain pages.

While No Cookie uses a machete, MagicCookie Monster wields a scalpel. With this utility, you can edit your cookie file, selectively deleting any cookie you don't want. Of course, the flaw here is that you can't disable the cookie file, so those nasty cookies will return soon enough.
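What selective cookie cleaning amounts to, as an added example (not code from MacWasher, No Cookie, or MagicCookie Monster): delete everything except cookies from sites you chose to keep. It assumes the tab-separated Netscape cookie file layout; the file contents, domain names, and function names are constructed for illustration.

```python
# Constructed sample. Fields per line, separated by tabs:
# domain, subdomain flag, path, secure flag, expiry (Unix time), name, value
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    ".doubleclick.net\tTRUE\t/\tFALSE\t1262304000\tid\tA1B2C3",
    "www.trusted-shop.example\tFALSE\t/\tFALSE\t1262304000\tcart\t42",
    ".trusted-shop.example\tTRUE\t/\tFALSE\t1262304000\tlogin\tbighank",
    "nottrusted-shop.example\tFALSE\t/\tFALSE\t1262304000\ttrack\tzzz",
    "broken line without tabs",
])


def domain_matches(cookie_domain, keep):
    """True if the cookie belongs to `keep` or to one of its subdomains.

    Matching stops at a dot, so 'nottrusted-shop.example' does not pass
    as 'trusted-shop.example'.
    """
    d = cookie_domain.lstrip(".").lower()
    k = keep.lstrip(".").lower()
    return d == k or d.endswith("." + k)


def clean_cookie_file(text, keep_domains):
    """Return (cleaned file text, list of (domain, name) entries removed)."""
    kept, removed = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            kept.append(line)            # header comments and blank lines stay
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            removed.append(("?", line))  # unparseable entry: drop, don't keep
        elif any(domain_matches(fields[0], k) for k in keep_domains):
            kept.append(line)
        else:
            removed.append((fields[0], fields[5]))
    return "\n".join(kept), removed


if __name__ == "__main__":
    cleaned, gone = clean_cookie_file(SAMPLE, ["trusted-shop.example"])
    print(cleaned)
    print("removed:", gone)
```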

Lightspeed Surfer can also block Java applets, JavaScripts, and plug-ins--which can bring their own host of security problems, though most of those problems have occurred only on Windows computers. Of course, this kind of heavy-duty protection has its price--you lose some of the nifty functions those Java programs provide, such as streaming stock quotes and real-time chat. Also, your browser can already turn Java and JavaScript on or off on-the-fly, so this feature may be overkill.

Don't Let Others Connect the Dots

We've talked about several ways people can obtain information about you on the Web, but one of the biggest dangers is how easily they can put all this information together. Take, for example, the following popular Internet legend.

As the story goes, BigHank53 sends a random e-mail to a site, calling its creators stupid. These levelheaded chaps search the Web, probably using a search engine such as AltaVista, for his Hotmail address. (For tips on searching the Web, see "The Macworld Web Searcher's Companion," May 2000.) He's put this e-mail address on his home page, along with his résumé, information about his family, and his activities with a church youth group. The site's creators then do a search of Usenet discussion groups and discover BigHank53's e-mail address somewhere else--on postings to adult newsgroups.

After searching for the phone number of his church and employer, they have all the information they need to blackmail poor BigHank53. Their price? He must put a blinking banner that says "I am stoopit" on his home page. Is this a true story? Probably not. The scary thing is that it could be.

This site archives every posting to every Internet newsgroup in searchable form. The premise of Deja.com is that you can see people's comments about a product you may be considering buying and use the archive as a grassroots Consumer Reports.

People can use this service for different purposes, however. Anyone from crazy site creators to potential and current employers, for example, can search for your name or e-mail address. If you're making nasty remarks about your coworkers or have a penchant for violent or sexual materials, they may find that enough grounds to fire you or not to hire you. This holds true if you keep an online diary or Web log--if it's on the Web, it's not private.

If you want to avoid spam, or don't want your Usenet postings forever on display with your identifying e-mail address, get an anonymous Web-based e-mail address from a provider such as Yahoo Mail or Hotmail. These are also great to use for all online registrations--the source of some spam.

To really throw the dogs off your scent, sign up for a couple different e-mail addresses and rotate them. This keeps anyone from developing a profile, even on your anonymous e-mail. If you don't like the idea of logging into all those accounts, use a secure (and free) personal information portal like Yodlee (http://www.yodlee.com) to check all your e-mail addresses at once. There's another option if you want fellow posters to be able to write you but want to outwit spammers' programs--you can also insert a word or two into your e-mail address and include instructions for people to delete them before writing--for example, reader_nospam@macworld.com. Never put these camouflage e-mail addresses on a personal home page with your name on it.

The Last Word

The precautions you choose to take really depend on how much privacy you require. In all likelihood, you could surf and post freely your whole life without dire consequences--but why take the chance? A few simple measures can put you in control of what people know about you and what they don't.

What you do at work is not your own business. It's perfectly legal for your company to monitor your surfing and rifle through your e-mail while you're on the clock (see the accompanying feature "Protect Your E-mail"). And it may do just that--according to a 1998 study by the International Data Corporation (IDC), 45 percent of all companies and 17 percent of Fortune 1000 companies use software to monitor their employees. IDC predicts that number will jump to 80 percent by 2001.

To do this in Internet Explorer, choose Internet Preferences from the Edit menu. Click on Web Browser and then on Advanced. Click on Empty Now to clear your cache; to delete your history, ask it to remember 0 places visited. In Netscape, go to the Edit menu and select Preferences. Choose the Advanced option and select Cache. Click on the Clear Disk Cache Now button.

You can also use a program such as MacWasher to get rid of all trace of your cache file or Internet Explorer History file. This program even deletes the Recent Files folder in your Apple Menu and empties the Trash.

Ignoring the obvious question of whether the sex surfer therefore had access to the classified CIA files, the former head spook could have avoided the embarrassment of sexual innuendo with OS 9. A simple step, such as using OS 9's Voiceprint feature (see Secrets, May 2000) to lock intruders out of the hard drive, could at least ensure that you don't get in trouble for what you didn't do. If you use text passwords, include capital and lowercase letters, as well as numbers and punctuation marks.

Your Own Worst Enemy

Unfortunately, you are your own biggest security risk. Any data you put in an online form, especially personal information, is fair game for advertisers or hackers.

Most information--whether it be e-mail, a photo, or items you type into a form--travels across the Internet in packets. These bounce from server to server until they reach the right computer. Hackers have programs that can sit on a server and read all the packets that pass by, so a hacker can intercept information at will.

A Clear Cache
Your browser's Cache file keeps a record of every Web page you've visited. To erase this trail in Netscape Navigator, go to Preferences and click on Clear Disk Cache Now.

If you're a fan of genealogy, for example, you may have posted your mother's maiden name on your home page or on a genealogy site such as FamilyTreeMaker.com. You also may have given your date of birth in these places or when you registered for any number of sites.

Your Social Security number is probably the safest (and most crucial) of the lot, so protect it as best you can--do not give it to companies unless you must: for example, when you deal with the DMV or a creditor. If you suspect someone has intercepted your personal information and stolen your identity, move fast (see the table "Privacy Resources").

When you're constantly connected to the Internet through DSL, cable modem, or other high-speed technologies, the Internet is constantly connected to you. Millions of people can probe your Macintosh over an always-on connection--24 hours a day, 7 days a week. Do you trust all those people? Of course not!

You use a Mac, so you're immune to many problems that plague the Windows world. In its default configuration, the current Mac OS is not vulnerable to spammers or other miscreants. For instance, no one can hijack your computer and turn it into a "zombie attacker," as happened with many individuals' PCs in the recent denial-of-service attacks against Yahoo and other big Web sites.

Now that you're using the Internet more ambitiously, though, it's important to make sure you aren't exposing your computer--or yourself--to unnecessary risks. If you're running an e-mail or Web server, you'll want to protect your data as best you can from online thugs. One answer is firewall software.

Firewalls can enable or block connections on specific ports and often for particular Internet addresses. Let's say you want to use Personal Web Sharing (or Mac OS 9's Internet-capable File Sharing) to access files on your home computer from work. In addition to password-protecting your Mac, you could configure a firewall so it only permits access to port 80 (Web Sharing) or port 548 (File Sharing) from your work computer. This way, you could access your files from work, but the firewall would deny any attempt to connect to your Mac from other computers elsewhere. (However, this would also prevent you from connecting from the cybercafé down the street.)

Open Door Networks (541/488-4127, http://www.opendoor.com) offers the $60 DoorStop Personal Edition (see Reviews, June 2000), a simple firewall designed to protect the Macintosh on which you install it. DoorStop's interface is occasionally confusing, but configuration is straightforward, and DoorStop works with common services like Web Sharing, File Sharing, Timbuktu, Retrospect, and FileMaker. An enhanced $300 Server Edition offers more-flexible configuration options for Macs functioning as Internet servers.

Intego's $150 NetBarrier (305/868-7920, http://www.intego.com) also protects the computer on which you install it but offers an elaborate interface with traffic-monitoring gauges and configuration options (see Reviews, December 1999). Unlike DoorStop, NetBarrier can filter incoming and outgoing traffic, so you can prevent credit card or Social Security numbers from leaving your computer. NetBarrier protects against some denial-of-service attacks and detects port scans, which usually mean a miscreant is looking for an exploitable service. This program also overcomes a weakness in Open Transport by scrambling TCP sequences so it's tough to hijack an Internet session. NetBarrier is overkill for most people, but it offers unique features.

Safety Strategies

There are two basic approaches to a firewall: you can selectively enable connections or selectively deny connections. The former approach is more conservative--the firewall blocks all connections except the types you specifically permit. The latter approach is less secure, but it's also less hassle. You don't have to remember to use Passive FTP (in the Internet control panel's Advanced settings) or reconfigure your firewall if you install, say, America Online Instant Messenger.
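The two approaches side by side, as an added example (not the rule format of DoorStop or NetBarrier): the same incoming connection attempts are judged by a selective-enable policy and by a selective-deny policy, using the Web Sharing (80) and File Sharing (548) ports mentioned earlier. The addresses, the FTP callback port, and all names in the code are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    port: int    # local TCP port the rule covers
    source: str  # remote addresses the rule covers, in CIDR form


def decide(rules, default, src, port):
    """Return the action of the first matching rule, else the policy default."""
    for rule in rules:
        if port == rule.port and ip_address(src) in ip_network(rule.source):
            return rule.action
    return default


# Constructed addresses from the documentation ranges, not from the article.
WORK, CAFE, FTP_SERVER = "192.0.2.10", "198.51.100.7", "203.0.113.5"

# Conservative approach: block everything except the listed connections.
ALLOW_LIST = [Rule("allow", 80, WORK + "/32"), Rule("allow", 548, WORK + "/32")]
# Permissive approach: accept everything except the listed connections.
DENY_LIST = [Rule("allow", 548, WORK + "/32"), Rule("deny", 548, "0.0.0.0/0")]

ATTEMPTS = {
    "Web Sharing from work": (WORK, 80),
    "File Sharing from work": (WORK, 548),
    "Web Sharing from the cybercafe": (CAFE, 80),
    "File Sharing from the cybercafe": (CAFE, 548),
    # Active FTP: the server opens the data connection back to the client.
    "active-FTP data connection": (FTP_SERVER, 50000),
    "connection to an unlisted port": (CAFE, 6000),
}


def compare():
    """Map each attempt to (conservative verdict, permissive verdict)."""
    return {
        label: (decide(ALLOW_LIST, "deny", src, port),
                decide(DENY_LIST, "allow", src, port))
        for label, (src, port) in ATTEMPTS.items()
    }


if __name__ == "__main__":
    for label, (strict, loose) in compare().items():
        print(f"{label:32} selective-enable={strict:5} selective-deny={loose}")
```

The active-FTP row is why the conservative policy needs Passive FTP: in passive mode your Mac opens both connections itself, so nothing has to be let in.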

Breathe Easier

A firewall cannot protect you from every Internet threat--you can still receive Trojan horse programs or virus-infected documents via e-mail, and Web sites still try to track your every move--but it can prevent some abuses of your Mac.
--GEOFF DUNCAN